Home | History | Annotate | Download | only in proxy 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef PPAPI_PROXY_PLUGIN_DISPATCHER_H_
      6 #define PPAPI_PROXY_PLUGIN_DISPATCHER_H_
      7 
      8 #include <set>
      9 #include <string>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/containers/hash_tables.h"
     13 #include "base/memory/ref_counted.h"
     14 #include "base/memory/weak_ptr.h"
     15 #include "base/process/process.h"
     16 #include "build/build_config.h"
     17 #include "ipc/ipc_sync_channel.h"
     18 #include "ppapi/c/pp_instance.h"
     19 #include "ppapi/c/pp_rect.h"
     20 #include "ppapi/c/ppb_console.h"
     21 #include "ppapi/proxy/dispatcher.h"
     22 #include "ppapi/shared_impl/ppapi_preferences.h"
     23 #include "ppapi/shared_impl/ppb_view_shared.h"
     24 #include "ppapi/shared_impl/singleton_resource_id.h"
     25 #include "ppapi/shared_impl/tracked_callback.h"
     26 
     27 namespace IPC {
     28 class SyncMessageFilter;
     29 }
     30 
     31 namespace ppapi {
     32 
     33 struct Preferences;
     34 class Resource;
     35 
     36 namespace thunk {
     37 class PPB_Instance_API;
     38 class ResourceCreationAPI;
     39 }
     40 
     41 namespace proxy {
     42 
     43 // Used to keep track of per-instance data.
     44 struct InstanceData {
     45   InstanceData();
     46   ~InstanceData();
     47 
     48   ViewData view;
     49 
     50   // When non-NULL, indicates the callback to execute when mouse lock is lost.
     51   scoped_refptr<TrackedCallback> mouse_lock_callback;
     52 
     53   // A map of singleton resources which are lazily created.
     54   typedef std::map<SingletonResourceID, scoped_refptr<Resource> >
     55       SingletonResourceMap;
     56   SingletonResourceMap singleton_resources;
     57 
     58   // Calls to |RequestSurroundingText()| are done by posted tasks. Track whether
     59   // a) a task is pending, to avoid redundant calls, and b) whether we should
     60   // actually call |RequestSurroundingText()|, to avoid stale calls (i.e.,
     61   // calling when we shouldn't).
     62   bool is_request_surrounding_text_pending;
     63   bool should_do_request_surrounding_text;
     64 };
     65 
     66 class PPAPI_PROXY_EXPORT PluginDispatcher
     67     : public Dispatcher,
     68       public base::SupportsWeakPtr<PluginDispatcher> {
     69  public:
     70   class PPAPI_PROXY_EXPORT PluginDelegate : public ProxyChannel::Delegate {
     71    public:
     72     // Returns the set used for globally uniquifying PP_Instances. This same
     73     // set must be returned for all channels.
     74     //
     75     // DEREFERENCE ONLY ON THE I/O THREAD.
     76     virtual std::set<PP_Instance>* GetGloballySeenInstanceIDSet() = 0;
     77 
     78     // Registers the plugin dispatcher and returns an ID.
     79     // Plugin dispatcher IDs will be used to dispatch messages from the browser.
     80     // Each call to Register() has to be matched with a call to Unregister().
     81     virtual uint32 Register(PluginDispatcher* plugin_dispatcher) = 0;
     82     virtual void Unregister(uint32 plugin_dispatcher_id) = 0;
     83   };
     84 
     85   // Constructor for the plugin side. The init and shutdown functions will be
     86   // will be automatically called when requested by the renderer side. The
     87   // module ID will be set upon receipt of the InitializeModule message.
     88   //
     89   // Note about permissions: On the plugin side, the dispatcher and the plugin
     90   // run in the same address space (including in nacl). This means that the
     91   // permissions here are subject to malicious modification and bypass, and
     92   // an exploited or malicious plugin could send any IPC messages and just
     93   // bypass the permissions. All permissions must be checked "for realz" in the
     94   // host process when receiving messages. We check them on the plugin side
     95   // primarily to keep honest plugins honest, especially with respect to
     96   // dev interfaces that they "shouldn't" be using.
     97   //
     98   // You must call InitPluginWithChannel after the constructor.
     99   PluginDispatcher(PP_GetInterface_Func get_interface,
    100                    const PpapiPermissions& permissions,
    101                    bool incognito);
    102   virtual ~PluginDispatcher();
    103 
    104   // The plugin side maintains a mapping from PP_Instance to Dispatcher so
    105   // that we can send the messages to the right channel if there are multiple
    106   // renderers sharing the same plugin. This mapping is maintained by
    107   // DidCreateInstance/DidDestroyInstance.
    108   static PluginDispatcher* GetForInstance(PP_Instance instance);
    109 
    110   // Same as GetForInstance but retrieves the instance from the given resource
    111   // object as a convenience. Returns NULL on failure.
    112   static PluginDispatcher* GetForResource(const Resource* resource);
    113 
    114   // Implements the GetInterface function for the plugin to call to retrieve
    115   // a browser interface.
    116   static const void* GetBrowserInterface(const char* interface_name);
    117 
    118   // Logs the given log message to the given instance, or, if the instance is
    119   // invalid, to all instances associated with all dispatchers. Used for
    120   // global log messages.
    121   static void LogWithSource(PP_Instance instance,
    122                             PP_LogLevel level,
    123                             const std::string& source,
    124                             const std::string& value);
    125 
    126   const void* GetPluginInterface(const std::string& interface_name);
    127 
    128   // You must call this function before anything else. Returns true on success.
    129   // The delegate pointer must outlive this class, ownership is not
    130   // transferred.
    131   bool InitPluginWithChannel(PluginDelegate* delegate,
    132                              base::ProcessId peer_pid,
    133                              const IPC::ChannelHandle& channel_handle,
    134                              bool is_client);
    135 
    136   // Dispatcher overrides.
    137   virtual bool IsPlugin() const;
    138   virtual bool Send(IPC::Message* msg);
    139 
    140   // IPC::Listener implementation.
    141   virtual bool OnMessageReceived(const IPC::Message& msg);
    142   virtual void OnChannelError();
    143 
    144   // Keeps track of which dispatcher to use for each instance, active instances
    145   // and tracks associated data like the current size.
    146   void DidCreateInstance(PP_Instance instance);
    147   void DidDestroyInstance(PP_Instance instance);
    148 
    149   // Gets the data for an existing instance, or NULL if the instance id doesn't
    150   // correspond to a known instance.
    151   InstanceData* GetInstanceData(PP_Instance instance);
    152 
    153   // Returns the corresponding API. These are APIs not associated with a
    154   // resource. Guaranteed non-NULL.
    155   thunk::PPB_Instance_API* GetInstanceAPI();
    156   thunk::ResourceCreationAPI* GetResourceCreationAPI();
    157 
    158   // Returns the Preferences.
    159   const Preferences& preferences() const { return preferences_; }
    160 
    161   uint32 plugin_dispatcher_id() const { return plugin_dispatcher_id_; }
    162   bool incognito() const { return incognito_; }
    163 
    164  private:
    165   friend class PluginDispatcherTest;
    166 
    167   // Notifies all live instances that they're now closed. This is used when
    168   // a renderer crashes or some other error is received.
    169   void ForceFreeAllInstances();
    170 
    171   // IPC message handlers.
    172   void OnMsgSupportsInterface(const std::string& interface_name, bool* result);
    173   void OnMsgSetPreferences(const Preferences& prefs);
    174 
    175   virtual bool SendMessage(IPC::Message* msg);
    176 
    177   PluginDelegate* plugin_delegate_;
    178 
    179   // Contains all the plugin interfaces we've queried. The mapped value will
    180   // be the pointer to the interface pointer supplied by the plugin if it's
    181   // supported, or NULL if it's not supported. This allows us to cache failures
    182   // and not req-query if a plugin doesn't support the interface.
    183   typedef base::hash_map<std::string, const void*> InterfaceMap;
    184   InterfaceMap plugin_interfaces_;
    185 
    186   typedef base::hash_map<PP_Instance, InstanceData> InstanceDataMap;
    187   InstanceDataMap instance_map_;
    188 
    189   // The preferences sent from the host. We only want to set this once, which
    190   // is what the received_preferences_ indicates. See OnMsgSetPreferences.
    191   bool received_preferences_;
    192   Preferences preferences_;
    193 
    194   uint32 plugin_dispatcher_id_;
    195 
    196   // Set to true when the instances associated with this dispatcher are
    197   // incognito mode.
    198   bool incognito_;
    199 
    200   // A filter for sending messages from threads other than the main thread.
    201   scoped_refptr<IPC::SyncMessageFilter> sync_filter_;
    202 
    203   DISALLOW_COPY_AND_ASSIGN(PluginDispatcher);
    204 };
    205 
    206 }  // namespace proxy
    207 }  // namespace ppapi
    208 
    209 #endif  // PPAPI_PROXY_PLUGIN_DISPATCHER_H_
    210